hxxp://klpwoqmkzkskwkks729299282@gmail[.]com/

Analysis

max time kernel
47s
max time network
1799s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://[email protected]/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1976	1184	chrome.exe	28
PID 1184 wrote to memory of 1976	1184	chrome.exe	28
PID 1184 wrote to memory of 1976	1184	chrome.exe	28
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2872	1184	chrome.exe	30
PID 1184 wrote to memory of 2720	1184	chrome.exe	31
PID 1184 wrote to memory of 2720	1184	chrome.exe	31
PID 1184 wrote to memory of 2720	1184	chrome.exe	31
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32
PID 1184 wrote to memory of 2876	1184	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://[email protected]/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72c9758,0x7fef72c9768,0x7fef72c9778
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3128 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2696 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2324 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://[email protected]/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72c9758,0x7fef72c9768,0x7fef72c9778
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3128 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2696 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2324 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1224,i,7916834228961362541,4320403478450200792,131072 /prefetch:8
  2⤵
  PID:952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24e355eca850697a65f0bf24b6c16e8d

SHA1
75b815ab89cfccb280778ff53d95318393630583

SHA256
2db1643b44bc261e727398365f98f449ada7a0b35040e2877121967c2d7ae556

SHA512
d448812d67e67682e6f09b2eee136aa65758812e130aa1db139cedd580ee7bb7a434c87c5ce185a50e13677185b5bc3e737a8890f906eb8e2e551a4e6a06e6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24e355eca850697a65f0bf24b6c16e8d

SHA1
75b815ab89cfccb280778ff53d95318393630583

SHA256
2db1643b44bc261e727398365f98f449ada7a0b35040e2877121967c2d7ae556

SHA512
d448812d67e67682e6f09b2eee136aa65758812e130aa1db139cedd580ee7bb7a434c87c5ce185a50e13677185b5bc3e737a8890f906eb8e2e551a4e6a06e6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c50f6fe1d4ffb9a43b4033a3a8d81ec

SHA1
8749a4992e0af6a6cf1c1ce0de3af126004a2497

SHA256
57a62c36110afb44887a4401bf69502129e71c276fe930dd3d5120aca8f729e2

SHA512
efc1bb95466d69f4a620e352e82ad5d6d1ae85de946c1f13326994c7b930dee0a242bffa41fcb37a9b555f82b8e61f2e2e1d23c9ea6dc358300f398f560d80c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c50f6fe1d4ffb9a43b4033a3a8d81ec

SHA1
8749a4992e0af6a6cf1c1ce0de3af126004a2497

SHA256
57a62c36110afb44887a4401bf69502129e71c276fe930dd3d5120aca8f729e2

SHA512
efc1bb95466d69f4a620e352e82ad5d6d1ae85de946c1f13326994c7b930dee0a242bffa41fcb37a9b555f82b8e61f2e2e1d23c9ea6dc358300f398f560d80c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b8de3e2feef24cd27f1a3769106d7ffb

SHA1
1647b553f1740fa407a85d5508c224b9c1b29aed

SHA256
bce2959cd34792500b939d6bbe59a1415ddd4054183749959bd70a7f1ece8b7b

SHA512
ff27c22ee785b8be495528210909b026292043dbb80a744c7f0080688f0608a7e70bd971fa1c4e9db9baf06b78733e42eedc2b16594e54b9b69e41ba6a5397b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b8de3e2feef24cd27f1a3769106d7ffb

SHA1
1647b553f1740fa407a85d5508c224b9c1b29aed

SHA256
bce2959cd34792500b939d6bbe59a1415ddd4054183749959bd70a7f1ece8b7b

SHA512
ff27c22ee785b8be495528210909b026292043dbb80a744c7f0080688f0608a7e70bd971fa1c4e9db9baf06b78733e42eedc2b16594e54b9b69e41ba6a5397b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
3628e7c7738f2d567b6f02c4a8bd0ade

SHA1
1c55490185b339cc3bf1f259649cfc27c2169418

SHA256
ac8c377d9743d17fbe8b36a47f97fa8dd3009c56739a045cbe77ee0ff0ddd22f

SHA512
e47ceb17d59c985cc9708c6c33e1ba4a27fcce1d26a80f92d6243dee537228e82707c85d6a4f9e034ef858cbf47cc1bd0731cdb2ecc2e035df7f6b22f8d4f10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
3628e7c7738f2d567b6f02c4a8bd0ade

SHA1
1c55490185b339cc3bf1f259649cfc27c2169418

SHA256
ac8c377d9743d17fbe8b36a47f97fa8dd3009c56739a045cbe77ee0ff0ddd22f

SHA512
e47ceb17d59c985cc9708c6c33e1ba4a27fcce1d26a80f92d6243dee537228e82707c85d6a4f9e034ef858cbf47cc1bd0731cdb2ecc2e035df7f6b22f8d4f10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
84ec0bd3290e5459c5daac38692c6345

SHA1
85252be039185a41867da88a6427f7607921d029

SHA256
c690c5ed1598f7df4fe9a4121c8d02929082a02ecd26afe1b8c88211f473cabf

SHA512
4e5691cacecc16e1820eb00fba452245220fe2bc3e64f8624493ac7e85fa66e519fd0f4f0b7ad6fdd59757d92a633032525cea14ea086fbb73e87d630b4ce13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
84ec0bd3290e5459c5daac38692c6345

SHA1
85252be039185a41867da88a6427f7607921d029

SHA256
c690c5ed1598f7df4fe9a4121c8d02929082a02ecd26afe1b8c88211f473cabf

SHA512
4e5691cacecc16e1820eb00fba452245220fe2bc3e64f8624493ac7e85fa66e519fd0f4f0b7ad6fdd59757d92a633032525cea14ea086fbb73e87d630b4ce13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c4677116926106916a3880a5ea02e348

SHA1
327875832b6a25f287d3a08945562cd694e85d61

SHA256
5064fc8c505015e15a20cf8cacb868a13a4819d4a6eb51d76c864d7b2d7ab9e1

SHA512
6539ff22d0a9e70075d670bb4efe5354c3d02122f116ffe81dce005b8ab426f0c09e8500ca027d80f11c1b47e6d99b03ffbc1af258f9c1bb1a65d82599b0b741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c4677116926106916a3880a5ea02e348

SHA1
327875832b6a25f287d3a08945562cd694e85d61

SHA256
5064fc8c505015e15a20cf8cacb868a13a4819d4a6eb51d76c864d7b2d7ab9e1

SHA512
6539ff22d0a9e70075d670bb4efe5354c3d02122f116ffe81dce005b8ab426f0c09e8500ca027d80f11c1b47e6d99b03ffbc1af258f9c1bb1a65d82599b0b741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c3da96e3d9879d2c4ca90e8d65d03a35

SHA1
bd115140531261ded4be8e9ed8bd1321f6f2f16b

SHA256
e628d4073664d9b878545fc0299946ff3abbb4a04da668271510f045c0271e69

SHA512
7049f82ad715c926b180060ec54362887bb30bf87463119442c00a7cb5c91d8956c8eb94b2e9f726c1a45291ec816a962058544f3d968c8e5684ab6717975b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c3da96e3d9879d2c4ca90e8d65d03a35

SHA1
bd115140531261ded4be8e9ed8bd1321f6f2f16b

SHA256
e628d4073664d9b878545fc0299946ff3abbb4a04da668271510f045c0271e69

SHA512
7049f82ad715c926b180060ec54362887bb30bf87463119442c00a7cb5c91d8956c8eb94b2e9f726c1a45291ec816a962058544f3d968c8e5684ab6717975b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit